Users now have the option to access Facebook via HTTPS, which can reduce the risks of user information being intercepted by bad guys whilst socializing. The option appears among the advanced security features in the Account Security section of the Facebook Account Settings page.

The important caveat here is that HTTPS implementation will not render Facebook sessions entirely secure: As noted in the Facebook blog, "Some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues."

In other words, Facebook accounts might still be in jeopardy when used to access apps for important activities like managing virtual farms, zoos, towns, mafias, fish tanks, and the like.

Tim Callan, head of trust services product marketing at Symantec, applauded the move and cited Google's successful rollout of always-on SSL sessions last year. "Many may remember when Google did the same ... last year. Despite historic concern that deploying SSL session-wide may degrade performance, Google reported that there's no significant downside," Callan wrote in his blog.